Windows
Analysis Report
iOqzwbUlln.exe
Overview
General Information
Detection
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Classification
- System is w10x64
Process tree (six sample processes and four rundll32 cleanup processes):

- iOqzwbUlln.exe (PID: 1592, cmdline: C:\Users\user\Desktop\iOqzwbUlln.exe, MD5: FC3E0027FFEAD1129ACCEDCB4814E96F)
- szV94FU13.exe (PID: 5508, cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe, MD5: 43AC4F54070D2E111D56AF37CF9C2765)
- stL82bL52.exe (PID: 4916, cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe, MD5: 8906052E48565395A2A7E5B0D6584C7E)
- sQm37qN82.exe (PID: 5108, cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe, MD5: 64653075A4A9CF43333AE22B968159AB)
- iDa05Vg46.exe (PID: 5072, cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe, MD5: CA6D279F0C8A205BFA0F8878D8F7BA2A)
- kGO12fD60.exe (PID: 6048, cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe, MD5: 1DC889EA2A05C7C4D829060CABE98814)
- rundll32.exe (PID: 6028, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\, MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 3588, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\, MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 5088, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\, MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 3912, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\, MD5: 73C519F050C20580F8A62C849D49215A)

The IXP000.TMP to IXP003.TMP directories and the advpack.dll,DelNodeRunDLL32 calls are the extraction and self-cleanup behaviour of IExpress/wextract self-extracting packages: each stub unpacks the next stage into a fresh IXP00n.TMP directory, runs it, and deletes the directory afterwards. Four nested packages are therefore unwrapped before the two final executables in IXP003.TMP run, and because the cleanup deletes each stage directory once its child has run, the intermediate executables should not be expected to remain on disk on an infected host; the MD5s above are the file-level indicators for them. In the code-function identifiers below (N_2_address), the low 16 bits of the addresses reported for processes 0 to 3 are identical (for example 0_2_00E82F1D, 1_2_000C2F1D, 2_2_001F2F1D, 3_2_00DE2F1D), i.e. the same function at four different load bases, consistent with the four nested extractor stubs sharing one code base; process 4 reports 64-bit addresses (4_2_00007FF815F01B10) and process 5 classic 0x0040xxxx image-base addresses, so the two final executables are different code from the stubs and from each other.
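The nested IXP00n.TMP chain above is a pattern that can be detected from ordinary process-creation telemetry without any signature for the payload itself. The following is an added example, not part of the sandbox report or of any vendor tooling: it groups process events by extraction directory, records which stages were started from each directory and whether the directory was later wiped with advpack.dll,DelNodeRunDLL32, and alerts when the nesting depth reaches an analyst-chosen threshold (two, an assumption; a single level is normal for legitimate IExpress installers). The event model, the threshold and the benign comparison sample are assumptions; the PIDs and paths in the malicious sample are taken from the process tree above, but the event list itself is constructed, not sandbox output.

```python
"""Flag nested IExpress self-extractor chains in process-creation telemetry.

Added example, not part of the sandbox report. IExpress/wextract stubs unpack
into %TEMP%\\IXP00n.TMP, start the next stage from there and finally delete the
directory with "rundll32 advpack.dll,DelNodeRunDLL32 <dir>". A single level is
normal for legitimate installers; several nested levels, as in the report's
process tree, are a strong dropper signal.
"""
import json
import re
from dataclasses import dataclass

IXP_DIR_RE = re.compile(r"\\IXP(\d{3})\.TMP\\", re.IGNORECASE)
CLEANUP_RE = re.compile(r"advpack\.dll,DelNodeRunDLL32", re.IGNORECASE)
# Analyst-chosen threshold (assumption): alert at two or more nested IXP dirs.
NESTING_ALERT_DEPTH = 2


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str
    cmdline: str


def ixp_index(text):
    """Return the n of the first IXP00n.TMP directory found in text, else None."""
    m = IXP_DIR_RE.search(text)
    return int(m.group(1)) if m else None


def analyze(events):
    """Group activity per extraction directory and score the nesting depth."""
    dirs = {}  # IXP index -> {"payloads": [image names], "cleaned": bool}
    for ev in events:
        name = ev.image.rsplit("\\", 1)[-1].lower()
        idx = ixp_index(ev.image)
        if idx is not None:  # a stage was started from an IXP directory
            dirs.setdefault(idx, {"payloads": [], "cleaned": False})
            dirs[idx]["payloads"].append(name)
        if name == "rundll32.exe" and CLEANUP_RE.search(ev.cmdline):
            cidx = ixp_index(ev.cmdline)  # which directory is being wiped
            if cidx is not None:
                dirs.setdefault(cidx, {"payloads": [], "cleaned": False})
                dirs[cidx]["cleaned"] = True
    depth = len(dirs)
    return {
        "depth": depth,
        "alert": depth >= NESTING_ALERT_DEPTH,
        "dirs": dict(sorted(dirs.items())),
        # Stages that ran and whose directory was then wiped: expect them to be
        # gone from disk on a real host, so preserve hashes/memory instead.
        "wiped_stages": sorted(i for i, d in dirs.items()
                               if d["cleaned"] and d["payloads"]),
    }


# Constructed sample modelled on the report's process tree (PIDs and paths from
# the report; the event list itself is not sandbox output).
TEMP = r"C:\Users\user\AppData\Local\Temp"
CLEANUP = (r'"C:\Windows\system32\rundll32.exe" '
           r'C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "%s\IXP00%d.TMP\"')
SAMPLE_EVENTS = [
    ProcEvent(1592, r"C:\Users\user\Desktop\iOqzwbUlln.exe", r"C:\Users\user\Desktop\iOqzwbUlln.exe"),
    ProcEvent(5508, TEMP + r"\IXP000.TMP\szV94FU13.exe", TEMP + r"\IXP000.TMP\szV94FU13.exe"),
    ProcEvent(4916, TEMP + r"\IXP001.TMP\stL82bL52.exe", TEMP + r"\IXP001.TMP\stL82bL52.exe"),
    ProcEvent(5108, TEMP + r"\IXP002.TMP\sQm37qN82.exe", TEMP + r"\IXP002.TMP\sQm37qN82.exe"),
    ProcEvent(5072, TEMP + r"\IXP003.TMP\iDa05Vg46.exe", TEMP + r"\IXP003.TMP\iDa05Vg46.exe"),
    ProcEvent(6048, TEMP + r"\IXP003.TMP\kGO12fD60.exe", TEMP + r"\IXP003.TMP\kGO12fD60.exe"),
    ProcEvent(6028, r"C:\Windows\system32\rundll32.exe", CLEANUP % (TEMP, 0)),
    ProcEvent(3588, r"C:\Windows\system32\rundll32.exe", CLEANUP % (TEMP, 1)),
    ProcEvent(5088, r"C:\Windows\system32\rundll32.exe", CLEANUP % (TEMP, 2)),
    ProcEvent(3912, r"C:\Windows\system32\rundll32.exe", CLEANUP % (TEMP, 3)),
]

# Constructed benign comparison: one ordinary IExpress installer, one level deep.
BENIGN_EVENTS = [
    ProcEvent(4000, r"C:\Users\user\Downloads\setup.exe", r"C:\Users\user\Downloads\setup.exe"),
    ProcEvent(4010, TEMP + r"\IXP000.TMP\installer.exe", TEMP + r"\IXP000.TMP\installer.exe"),
    ProcEvent(4020, r"C:\Windows\system32\rundll32.exe", CLEANUP % (TEMP, 0)),
]

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_EVENTS), indent=2))
```

Running the module prints depth 4 with an alert for the report's chain and lists IXP000 to IXP003 as wiped stages; the benign single-level installer produces depth 1 and no alert.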
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | |

Malware Configuration (extracted):
{"C2 url": "193.233.20.23:4123", "Bot Id": "ramon", "Authorization Header": "3197576965d9513f115338c233015b40"}

Yara matches (the Source column, which names the matched sample, dropped file or memory dump, was not preserved in this export):

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |

(12 entries in total; 5 shown)

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |

(31 entries in total; 5 shown)

Besides the RedLine rules, a SmokeLoader family rule (Windows_Trojan_Smokeloader_3687686f) matched once. The classification table above lists only RedLine Stealer and the report extracts only a RedLine configuration, so treat the SmokeLoader hit as unconfirmed (a second payload or shared code) until the matching dump is examined.
Snort IDS alerts. All three fire on one TCP session (client port 49695) between the analysis VM 192.168.2.4 and 193.233.20.23:4123, the C2 from the extracted configuration:

| Timestamp | Source | Destination | Protocol | SID | Classtype |
|---|---|---|---|---|---|
| 02/27/23-11:39:08.913244 | 192.168.2.4:49695 | 193.233.20.23:4123 | TCP | 2043233 | A Network Trojan was detected |
| 02/27/23-11:39:10.429997 | 193.233.20.23:4123 | 192.168.2.4:49695 | TCP | 2043234 | A Network Trojan was detected |
| 02/27/23-11:39:21.135506 | 192.168.2.4:49695 | 193.233.20.23:4123 | TCP | 2043231 | A Network Trojan was detected |
AV Detection |
|---|
| Source: | Avira: | 5 detections |
| Source: | ReversingLabs: | 9 detections |
| Source: | Virustotal: | 5 detections |
| Source: | Joe Sandbox ML: | 9 detections |
| Source: | Malware Configuration Extractor: | RedLine configuration extracted (C2 193.233.20.23:4123, see above) |
| Source: | Code function: | 0_2_00E82F1D, 1_2_000C2F1D, 2_2_001F2F1D, 3_2_00DE2F1D |
Compliance |
|---|
| Source: | Unpacked PE file: | 1 entry |
| Source: | Static PE information: | 2 entries |
| Source: | File opened: | 1 entry |
| Source: | Binary string: | 8 entries |
| Source: | Code function: | 0_2_00E82390, 1_2_000C2390, 2_2_001F2390, 3_2_00DE2390 |
Networking |
|---|
| Source: | Snort IDS: | 3 alerts (SIDs 2043231, 2043233, 2043234; see the alert table above) |
| Source: | URLs: | 1 entry |
| Source: | ASN Name: | 1 entry |
| Source: | IP Address: | 1 entry |
| Source: | TCP traffic: | 1 entry |
| Source: | String found in binary or memory: | 150 entries |
| Source: | TCP traffic detected without corresponding DNS query: | 32 entries |

The extracted configuration holds the C2 as a bare IP:port (193.233.20.23:4123) rather than a hostname, which is why the C2 traffic is flagged as having no corresponding DNS query.
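The "TCP traffic detected without corresponding DNS query" signature is a heuristic that works just as well on network telemetry outside the sandbox: a connection to a routable address that no DNS answer ever pointed at indicates a hard-coded destination. Below is an added example, not part of the report or of any vendor tooling, that applies it to constructed DNS-answer and TCP-connection records and additionally tags hits that match the C2 from the extracted configuration. The record types, the 300-second look-back window, the explicit non-routable list (used instead of the standard library's is_private because that also excludes the RFC 5737 documentation addresses in the sample) and all sample values except the C2 are assumptions.

```python
"""Flag TCP connections to routable addresses that no DNS answer pointed at.

Added example, not part of the sandbox report. The report's "TCP traffic
detected without corresponding DNS query" signature encodes this heuristic:
a hard-coded C2 such as 193.233.20.23:4123 is contacted directly, so no name
resolution precedes the connection.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsAnswer:
    ts: float   # seconds on a common clock within the capture
    qname: str
    ip: str


@dataclass(frozen=True)
class TcpConn:
    ts: float
    src: str
    dst: str
    dport: int


# C2 taken from the report's extracted RedLine configuration.
KNOWN_C2 = {("193.233.20.23", 4123)}

# Explicit non-routable ranges (assumption). ipaddress.is_private/is_global
# would also exclude the RFC 5737 documentation blocks used in the sample.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8")]


def is_routable(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def unresolved_connections(dns, conns, max_age=300.0):
    """Return [(conn, reason)] for routable destinations that had no DNS
    answer for that IP within max_age seconds before the connection."""
    answers = {}  # ip -> [answer timestamps]
    for a in dns:
        answers.setdefault(a.ip, []).append(a.ts)
    flagged = []
    for c in conns:
        if not is_routable(c.dst):
            continue  # LAN/loopback traffic: no resolution expected
        if any(c.ts - max_age <= t <= c.ts for t in answers.get(c.dst, [])):
            continue  # a DNS answer preceded the connection
        reason = "known_c2" if (c.dst, c.dport) in KNOWN_C2 else "no_dns"
        flagged.append((c, reason))
    return flagged


# Constructed sample (not captured traffic). 203.0.113.x and 198.51.100.x are
# RFC 5737 documentation addresses; 193.233.20.23 is the report's C2.
SAMPLE_DNS = [
    DnsAnswer(100.0, "cdn.example.net", "203.0.113.10"),
    DnsAnswer(260.0, "late.example.org", "198.51.100.7"),  # answer arrives after the connection
]
SAMPLE_CONNS = [
    TcpConn(105.0, "192.168.2.4", "203.0.113.10", 443),    # resolved 5 s earlier: fine
    TcpConn(110.0, "192.168.2.4", "193.233.20.23", 4123),  # never resolved, matches IOC
    TcpConn(111.0, "192.168.2.4", "192.168.2.1", 445),     # LAN destination, ignored
    TcpConn(120.0, "192.168.2.4", "198.51.100.7", 80),     # resolved only later: flagged
]

if __name__ == "__main__":
    for conn, reason in unresolved_connections(SAMPLE_DNS, SAMPLE_CONNS):
        print(f"{conn.ts:8.3f} {conn.src} -> {conn.dst}:{conn.dport} {reason}")
```

On the sample this reports the C2 connection as known_c2 and the 198.51.100.7 connection as no_dns, while the resolved CDN connection and the LAN connection pass. A DNS answer that arrives after the connection does not excuse it, which is the ordering the sandbox signature also relies on.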
System Summary |
|---|
| Source: | Matched rule: | 25 entries |
| Source: | Code function: | 0_2_00E83BA2, 0_2_00E85C9E, 1_2_000C3BA2, 1_2_000C5C9E, 2_2_001F3BA2, 2_2_001F5C9E, 3_2_00DE3BA2, 3_2_00DE5C9E, 5_2_00408C60, 5_2_0040DC11, 5_2_00407C3F, 5_2_00418CCC, 5_2_00406CA0, 5_2_004028B0, 5_2_0041A4BE, 5_2_00418244, 5_2_00401650, 5_2_00402F20, 5_2_004193C4, 5_2_00418788, 5_2_00402F89, 5_2_00402B90, 5_2_004073A0 |
| Source: | Dropped File: | 1 entry |
| Source: | Static PE information: | 1 entry |
| Source: | Matched rule: | 25 entries |
| Source: | Code function: | 0_2_00E81F90, 1_2_000C1F90, 2_2_001F1F90, 3_2_00DE1F90 (plus one entry without an address) |
| Source: | Static PE information: | 4 entries |
| Source: | Binary or memory string: | 3 entries |
| Source: | Static PE information: | 1 entry |
| Source: | File created: | 1 entry |
| Source: | Classification label: | 1 entry |
| Source: | Code function: | 0_2_00E83FEF, 4_2_00007FF815F01B10, 0_2_00E84FE0 |
| Source: | ReversingLabs: | 1 entry |
| Source: | Virustotal: | 1 entry |
| Source: | Key opened: | 1 entry |
| Source: | Process created: | 15 entries |
| Source: | Key value queried: | 1 entry |
| Source: | Code function: | 0_2_00E81F90, 1_2_000C1F90, 2_2_001F1F90, 3_2_00DE1F90 |
| Source: | WMI Queries: | 3 entries |
| Source: | File created: | 1 entry |
| Source: | Code function: | 0_2_00E8597D |
| Source: | Binary or memory string: | 1 entry |
| Source: | Section loaded: | 2 entries |
| Source: | Code function: | 5_2_004019F0 |
| Source: | Process created: | 1 entry |
| Source: | Command line argument: | 0_2_00E82BFB, 1_2_000C2BFB, 2_2_001F2BFB, 3_2_00DE2BFB, 5_2_00413780 |
| Source: | Automated click: | 3 entries |
| Source: | File opened: | 1 entry |
| Source: | Static file information: | 1 entry |
| Source: | Static PE information: | 9 entries |
| Source: | Binary string: | 8 entries |
Data Obfuscation |
|---|
| Source: | Unpacked PE file: | 2 entries |
| Source: | Code function: | 0_2_00E87260, 1_2_000C7260, 2_2_001F7260, 3_2_00DE7260, 5_2_0041C4E2, 5_2_00423179, 5_2_0041C4E2, 5_2_00423179, 5_2_0040E230, 5_2_0041C6BF, 0_2_00E8202A |
| Source: | Static PE information: | 1 entry |
| Source: | File created: | 8 dropped files |
| Source: | Code function: | 0_2_00E81AE8, 1_2_000C1AE8, 2_2_001F1AE8, 3_2_00DE1AE8 |
| Source: | Process information set: | 89 entries |
Malware Analysis System Evasion |
|---|
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 5_2_004019F0 | |
| Source: | Evasive API call chain: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Check user administrative privileges: | graph_2-2575 | ||
| Source: | Check user administrative privileges: | graph_1-2569 | ||
| Source: | Check user administrative privileges: | graph_0-2453 | ||
| Source: | Check user administrative privileges: | |||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Registry key enumerated: | ||
| Source: | WMI Queries: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E85467 | |
| Source: | Code function: | 0_2_00E82390 | |
| Source: | Code function: | 1_2_000C2390 | |
| Source: | Code function: | 2_2_001F2390 | |
| Source: | Code function: | 3_2_00DE2390 | |
| Source: | Code function: | 5_2_004019F0 | |
| Source: | Code function: | 0_2_00E8202A | |
| Source: | Code function: | 5_2_0040CE09 | |
| Source: | Code function: | 5_2_0040ADB0 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E86F40 | |
| Source: | Code function: | 0_2_00E86CF0 | |
| Source: | Code function: | 1_2_000C6F40 | |
| Source: | Code function: | 1_2_000C6CF0 | |
| Source: | Code function: | 2_2_001F6F40 | |
| Source: | Code function: | 2_2_001F6CF0 | |
| Source: | Code function: | 3_2_00DE6F40 | |
| Source: | Code function: | 3_2_00DE6CF0 | |
| Source: | Code function: | 5_2_0040CE09 | |
| Source: | Code function: | 5_2_0040E61C | |
| Source: | Code function: | 5_2_00416F6A | |
| Source: | Code function: | 5_2_004123F1 | |
| Source: | Code function: | 0_2_00E817EE | |
| Source: | Code function: | 5_2_00417A20 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E87155 | |
| Source: | Code function: | 4_2_00007FF815F0077D | |
| Source: | Code function: | 0_2_00E82BFB | |
Lowering of HIPS / PFW / Operating System Security Settings
| Source: | Registry key value created / modified: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
Remote Access Functionality
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 221 Windows Management Instrumentation | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 Windows Service | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 1 Service Execution | Logon Script (Mac) | 1 Process Injection | 21 Software Packing | NTDS | 137 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 361 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Bypass User Access Control | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 231 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
| Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 67% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine | ||
| 57% | Virustotal | Browse | ||
| 100% | Avira | HEUR/AGEN.1252166 | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1252166 | ||
| 100% | Joe Sandbox ML | |||
| 74% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate | ||
| 68% | Virustotal | Browse | ||
| 62% | ReversingLabs | Win32.Trojan.Tedy | ||
| 54% | Virustotal | Browse | ||
| 44% | ReversingLabs | Win32.Trojan.Generic | ||
| 51% | Virustotal | Browse | ||
| 59% | ReversingLabs | Win32.Trojan.Tedy | ||
| 44% | ReversingLabs | Win32.Trojan.Generic | ||
| 62% | ReversingLabs | Win32.Trojan.Tedy | ||
| 76% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler | ||
| 44% | ReversingLabs | Win32.Trojan.Generic |
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | TR/Patched.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1252166 | Download File | ||
| 100% | Avira | TR/Patched.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1252166 | Download File | ||
| 100% | Avira | TR/Patched.Gen | Download File |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 9% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| | | false | | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 193.233.20.23 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true |
| Joe Sandbox Version: | 36.0.0 Rainbow Opal |
| Analysis ID: | 815872 |
| Start date and time: | 2023-02-27 11:37:41 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 11m 26s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: | |
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample file name: | iOqzwbUlln.exe |
| Original Sample Name: | fc3e0027ffead1129accedcb4814e96f.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@15/10@0/1 |
| EGA Information: | |
| HDC Information: | |
| HCA Information: | |
| Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Not all processes were analyzed; the report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 11:39:18 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 193.233.20.23 | Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| REDCOM-ASRedcomKhabarovskRussiaRU | Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Process: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 226 |
| Entropy (8bit): | 5.354940450065058 |
| Encrypted: | false |
| SSDEEP: | 6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv |
| MD5: | B10E37251C5B495643F331DB2EEC3394 |
| SHA1: | 25A5FFE4C2554C2B9A7C2794C9FE215998871193 |
| SHA-256: | 8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D |
| SHA-512: | 296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2843 |
| Entropy (8bit): | 5.3371553026862095 |
| Encrypted: | false |
| SSDEEP: | 48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1Hd:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtZ |
| MD5: | 58CF1C9EAE5701A8E66D103465A98FBD |
| SHA1: | D78C2D38863F954605A1CAA1196C6EE40A646509 |
| SHA-256: | 10206E90EDC039BAEDD05883379565405B5E7BA04605836A539FBBB180D3BF54 |
| SHA-512: | A01F50BB1B8F1839A15741343B0B4A548C40E7F73457C53A95ED389859EB0F142B4FB1D96AD98E4635C3E8E9E5B50156DB10BAC5736A27D61BF8B27E22720F58 |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\iOqzwbUlln.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 179448 |
| Entropy (8bit): | 4.949141159217189 |
| Encrypted: | false |
| SSDEEP: | 3072:cxqZWN9abUP0PAqt+eeD5F6hYfxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw6:yqZ5AqoB6h |
| MD5: | 378ED88EBDB06E622FEB565D682E26F3 |
| SHA1: | E31E193FE697949D39AA2C29A1FED0B32509175F |
| SHA-256: | 1F3F46EDCE2F5C311567B5358B6FC8AD908B1358896CE31D3A00478DB65E179E |
| SHA-512: | E752098407B49DE79C20BED58FA3190D976B5D31287414AAAEA3E06472AA9E15C2A07117600DA3C86189E01E7851576E6F0124A52334F3A2E8BF804AFFB2CDEA |
| Malicious: | true |
| Yara Hits: | |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\Desktop\iOqzwbUlln.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 982016 |
| Entropy (8bit): | 7.922315449972201 |
| Encrypted: | false |
| SSDEEP: | 12288:KMrhy90ipV+f8Va9PHpAYKs9bRdoXO5LFxmpAFosOhk9NfKBUBzE9hxIs1baf5e6:fyBVaZprL6XO5LbmpAh0UBwUsk5e6 |
| MD5: | 43AC4F54070D2E111D56AF37CF9C2765 |
| SHA1: | 0F847A85EE22627DA0B24F590F054C4F6F8F3EFC |
| SHA-256: | 1A2CFEA88AA9CAA8C328E862897F899E264557E7EA4516051C790483D2758F8C |
| SHA-512: | 09CCC10213300C4C286CA397B34E0F3734C5271AF641B1AB078B9D80308FF2A419B3C22688026C1D29D7BF0568434D87CD784D0DD9B72E99B1E7971B66FF547A |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 319488 |
| Entropy (8bit): | 7.462173497992741 |
| Encrypted: | false |
| SSDEEP: | 3072:y/ae4GLByOGZEnuPi1dFv+q8C3Rm/x/m+zLVEConBlpVjlEXecC9BUqLfQ1Hvr:6aiLoO7dF34VmS98BlFAerI |
| MD5: | 1DC889EA2A05C7C4D829060CABE98814 |
| SHA1: | 4A9314FAF85B3A0EB4B649A7A0B9E8B519E20ADB |
| SHA-256: | 577AF1002754AEB104A8EADE2F2A011C6A0FC75F8F8E87AB51BFBBD892BE151D |
| SHA-512: | 71B3F7AD2B74ECE2A96869F5CEBC7BE8B5D47F8FAC7ABCA269864F8190755DAB705090067E032402F8F9A283D5D022D25D80D373177E0F28460C716508E0AD89 |
| Malicious: | true |
| Antivirus: | |
| Joe Sandbox View: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 698368 |
| Entropy (8bit): | 7.871406128669399 |
| Encrypted: | false |
| SSDEEP: | 12288:mMrWy90/O6Fcx4EbRhWX15ei4m5Ago/H/k3KVLX/B6As:Ey8OU2YX15etm5AFd/BS |
| MD5: | 8906052E48565395A2A7E5B0D6584C7E |
| SHA1: | 9D0868DFE86682D7E7DBE698A09221CA1FF6EB69 |
| SHA-256: | 23EFB6F716921B209CA4584691B8C5A83BDFC1ED5B0D6DFC3CF5C63E253CE8B0 |
| SHA-512: | BB336038DF65A9D1554AE0019558B2B70F6A781B4E60AD7FA2F795782F6BEE0F22590D817B26725ED6AAF25944A9FB982ED18B0DE3BEB01EDE506D76B2E4D4AD |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 260608 |
| Entropy (8bit): | 7.266872346954937 |
| Encrypted: | false |
| SSDEEP: | 6144:nxlLnw3emCfISrkCl/dYZVIARBalBBNwfg:nfj6ezrkClo/Bimf |
| MD5: | 716F45CB193505F1726FA1074BAEC9A5 |
| SHA1: | 0FEBBE50F23CEF22709D9503C2BC31717D11445F |
| SHA-256: | 3910C9E8B4D94155A5255FAD93837888C0BF91EA24EE74B9D9841F4EBDD8CD03 |
| SHA-512: | 15620D78E4FC7AE5D560D80F4BED0EDC7D370012A42CA380CE6F482D506C85BB1CE43FE114E8AE1D0B9D0B7761F6C83BF4FF28BFDA765D3ACA6E78776236AE47 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 409088 |
| Entropy (8bit): | 7.71693047560672 |
| Encrypted: | false |
| SSDEEP: | 6144:Kpy+bnr+7p0yN90QECr7NC+TaVDUpBVFmS98BYlAoKJhtRg8bkZU:LMrjy90orIQpBbmUAnoAF/ |
| MD5: | 64653075A4A9CF43333AE22B968159AB |
| SHA1: | 4E2EB552ABDE0014FD2B340A85150A1B59B70DEF |
| SHA-256: | 5D201D551C244FC716E8131CFE7B38ADFA6925367A5EF9D744483F05D72F288B |
| SHA-512: | CBA90570CFC0234452408BE1D8EB67AA7EC3BB6202BB710A5BE7E5D6DDB7A533371EA6C1858EB7300A6B903B0B66450F73C480367EF613C1B687AD6A41AA9CC7 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11713 |
| Entropy (8bit): | 4.832235212694193 |
| Encrypted: | false |
| SSDEEP: | 96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp |
| MD5: | CA6D279F0C8A205BFA0F8878D8F7BA2A |
| SHA1: | EB1308069E84907580A742944DF2E72CCA4ED942 |
| SHA-256: | 1AEC5284DD228F2DEC7EB05BAABAD433131CD164C25E53875511B8297DEE0FF4 |
| SHA-512: | 10331D83EFFD5A03C16CC5526204849EF458ECE2D1C7D7D1744315E0D8874853DCA301172541B4F4C7A5235678C53979FC832FB59A3E6D9ECCA7522F72E652B7 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 319488 |
| Entropy (8bit): | 7.462173497992741 |
| Encrypted: | false |
| SSDEEP: | 3072:y/ae4GLByOGZEnuPi1dFv+q8C3Rm/x/m+zLVEConBlpVjlEXecC9BUqLfQ1Hvr:6aiLoO7dF34VmS98BlFAerI |
| MD5: | 1DC889EA2A05C7C4D829060CABE98814 |
| SHA1: | 4A9314FAF85B3A0EB4B649A7A0B9E8B519E20ADB |
| SHA-256: | 577AF1002754AEB104A8EADE2F2A011C6A0FC75F8F8E87AB51BFBBD892BE151D |
| SHA-512: | 71B3F7AD2B74ECE2A96869F5CEBC7BE8B5D47F8FAC7ABCA269864F8190755DAB705090067E032402F8F9A283D5D022D25D80D373177E0F28460C716508E0AD89 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.936745878901933 |
| TrID: | |
| File name: | iOqzwbUlln.exe |
| File size: | 1129984 |
| MD5: | fc3e0027ffead1129accedcb4814e96f |
| SHA1: | e4c0e5996cb68ef0a79648a6c01e9f0c906986db |
| SHA256: | fdb606c65f84e10b023a3c77a553791291373175953f5c2e98134ebb623d64d1 |
| SHA512: | 1f29a3d19cb0e065123f028632034c90cf71f108909e5b05c8631bfbfe4600e89931565d7cf2d4f8836f7e25ee921b369dd610cb10b351d5d9baa09387a3d2e5 |
| SSDEEP: | 24576:GyEuEGYnpYUZ/rDqZDeXO5hdmWAzrrBfnL:VpZYnt/SR5hgdPt |
| TLSH: | 95352307FBFC4476D865477048B906D30A36FE112B7E429F324EAE9A08726245736BDB |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d. |
| Icon Hash: | f8e0e4e8ecccc870 |
| Entrypoint: | 0x406a60 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x628D60E2 [Tue May 24 22:49:06 2022 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 10 |
| OS Version Minor: | 0 |
| File Version Major: | 10 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 10 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 646167cce332c1c252cdcb1839e0cf48 |
| Instruction |
|---|
| call 00007F8B4C6D5925h |
| jmp 00007F8B4C6D5235h |
| push 00000058h |
| push 004072B8h |
| call 00007F8B4C6D59C7h |
| xor ebx, ebx |
| mov dword ptr [ebp-20h], ebx |
| lea eax, dword ptr [ebp-68h] |
| push eax |
| call dword ptr [0040A184h] |
| mov dword ptr [ebp-04h], ebx |
| mov eax, dword ptr fs:[00000018h] |
| mov esi, dword ptr [eax+04h] |
| mov edi, ebx |
| mov edx, 004088ACh |
| mov ecx, esi |
| xor eax, eax |
| lock cmpxchg dword ptr [edx], ecx |
| test eax, eax |
| je 00007F8B4C6D524Ah |
| cmp eax, esi |
| jne 00007F8B4C6D5239h |
| xor esi, esi |
| inc esi |
| mov edi, esi |
| jmp 00007F8B4C6D5242h |
| push 000003E8h |
| call dword ptr [0040A188h] |
| jmp 00007F8B4C6D5209h |
| xor esi, esi |
| inc esi |
| cmp dword ptr [004088B0h], esi |
| jne 00007F8B4C6D523Ch |
| push 0000001Fh |
| call 00007F8B4C6D575Bh |
| pop ecx |
| jmp 00007F8B4C6D526Ch |
| cmp dword ptr [004088B0h], ebx |
| jne 00007F8B4C6D525Eh |
| mov dword ptr [004088B0h], esi |
| push 004010C4h |
| push 004010B8h |
| call 00007F8B4C6D5386h |
| pop ecx |
| pop ecx |
| test eax, eax |
| je 00007F8B4C6D5249h |
| mov dword ptr [ebp-04h], FFFFFFFEh |
| mov eax, 000000FFh |
| jmp 00007F8B4C6D5369h |
| mov dword ptr [004081E4h], esi |
| cmp dword ptr [004088B0h], esi |
| jne 00007F8B4C6D524Dh |
| push 004010B4h |
| push 004010ACh |
| call 00007F8B4C6D5915h |
| pop ecx |
| pop ecx |
| mov dword ptr [000088B0h], 00000000h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x10b7c4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x118000 | 0x888 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc000 | 0x10c000 | 0x10b800 | False | 0.9654159973714953 | data | 7.954331200269156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x118000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States |
| RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
| RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
| RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States |
| RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
| RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
| RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
| RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States |
| RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
| RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
| RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
| RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
| RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
| RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States |
| RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia |
| RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States |
| RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia |
| RT_DIALOG | 0x250f4 | 0x166 | data | English | United States |
| RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia |
| RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States |
| RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia |
| RT_DIALOG | 0x25764 | 0x130 | data | English | United States |
| RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia |
| RT_DIALOG | 0x259e4 | 0x120 | data | English | United States |
| RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia |
| RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States |
| RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia |
| RT_STRING | 0x25d3c | 0x520 | data | English | United States |
| RT_STRING | 0x2625c | 0x52e | data | Russian | Russia |
| RT_STRING | 0x2678c | 0x5cc | data | English | United States |
| RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia |
| RT_STRING | 0x272ec | 0x4b0 | data | English | United States |
| RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia |
| RT_STRING | 0x27c50 | 0x44a | data | English | United States |
| RT_STRING | 0x2809c | 0x43e | data | Russian | Russia |
| RT_STRING | 0x284dc | 0x3ce | data | English | United States |
| RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia |
| RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x28bb0 | 0xedae0 | Microsoft Cabinet archive data, many, 973536 bytes, 2 files, at 0x2c +A "szV94FU13.exe" +A "rWE40pD80.exe", ID 2077, number 1, 36 datablocks, 0x1503 compression | English | United States |
| RT_RCDATA | 0x116690 | 0x4 | data | English | United States |
| RT_RCDATA | 0x116694 | 0x24 | data | English | United States |
| RT_RCDATA | 0x1166b8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x1166c0 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x1166c8 | 0x4 | data | English | United States |
| RT_RCDATA | 0x1166cc | 0xe | data | English | United States |
| RT_RCDATA | 0x1166dc | 0x4 | data | English | United States |
| RT_RCDATA | 0x1166e0 | 0xe | data | English | United States |
| RT_RCDATA | 0x1166f0 | 0x4 | data | English | United States |
| RT_RCDATA | 0x1166f4 | 0x5 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x1166fc | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x116704 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_GROUP_ICON | 0x11670c | 0xbc | data | English | United States |
| RT_VERSION | 0x1167c8 | 0x408 | data | English | United States |
| RT_VERSION | 0x116bd0 | 0x410 | data | Russian | Russia |
| RT_MANIFEST | 0x116fe0 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
| DLL | Import |
|---|---|
| ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges |
| KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA |
| GDI32.dll | GetDeviceCaps |
| USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics |
| msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset |
| COMCTL32.dll | |
| Cabinet.dll | |
| VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Russian | Russia | |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 02/27/23-11:39:10.429997 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| 02/27/23-11:39:21.135506 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| 02/27/23-11:39:08.913244 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Feb 27, 2023 11:39:08.522212982 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:08.544389963 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:08.544508934 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:08.913244009 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:08.935796976 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:08.986814022 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:10.407458067 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:10.429996967 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:10.471339941 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:17.281985998 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:17.305660009 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:17.305713892 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:17.305732965 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:17.307555914 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:18.284384966 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:18.307071924 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:18.342612982 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:18.365082979 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:18.522150993 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:19.258249044 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:19.280755997 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:19.282398939 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:19.304991961 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:19.348175049 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:19.370678902 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:19.487677097 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:19.706926107 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:19.729378939 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:19.828773022 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:19.851257086 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:19.891737938 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.050028086 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.073169947 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.190898895 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.234889984 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.257138014 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.257513046 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.372709990 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.395013094 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.395488024 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.443651915 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.465847015 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.465907097 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.466536999 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.483655930 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.506293058 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.509649992 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.532846928 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:20.581556082 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.975769043 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:20.998248100 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:21.057123899 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:21.079766035 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:21.087624073 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:21.110258102 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:21.111568928 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:21.134205103 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:21.135505915 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Feb 27, 2023 11:39:21.158057928 CET | 4123 | 49695 | 193.233.20.23 | 192.168.2.4 |
| Feb 27, 2023 11:39:21.201046944 CET | 49695 | 4123 | 192.168.2.4 | 193.233.20.23 |
| Target ID: | 0 |
| Start time: | 11:38:40 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\Desktop\iOqzwbUlln.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe80000 |
| File size: | 1129984 bytes |
| MD5 hash: | FC3E0027FFEAD1129ACCEDCB4814E96F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: | |
| Reputation: | low |
| Target ID: | 1 |
| Start time: | 11:38:40 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\szV94FU13.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc0000 |
| File size: | 982016 bytes |
| MD5 hash: | 43AC4F54070D2E111D56AF37CF9C2765 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 2 |
| Start time: | 11:38:41 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\stL82bL52.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1f0000 |
| File size: | 698368 bytes |
| MD5 hash: | 8906052E48565395A2A7E5B0D6584C7E |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 3 |
| Start time: | 11:38:42 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\sQm37qN82.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xde0000 |
| File size: | 409088 bytes |
| MD5 hash: | 64653075A4A9CF43333AE22B968159AB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 4 |
| Start time: | 11:38:42 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\iDa05Vg46.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x320000 |
| File size: | 11713 bytes |
| MD5 hash: | CA6D279F0C8A205BFA0F8878D8F7BA2A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 5 |
| Start time: | 11:38:53 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\kGO12fD60.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 319488 bytes |
| MD5 hash: | 1DC889EA2A05C7C4D829060CABE98814 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: | |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 6 |
| Start time: | 11:38:53 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7e46f0000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 7 |
| Start time: | 11:39:02 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7e46f0000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 8 |
| Start time: | 11:39:10 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7e46f0000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 9 |
| Start time: | 11:39:19 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7e46f0000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
Execution Graph
| Execution Coverage: | 28.6% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 29.6% |
| Total number of Nodes: | 964 |
| Total number of Limit Nodes: | 25 |
| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
|---|---|---|---|---|---|---|
| 00E8202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% |
| 00E83BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% |
| 00E81AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% |
| 00E8597D | 24.7 | 13 | 1 | 212 | window, COMMON | 96% |
| 00E84FE0 | 19.4 | 9 | 2 | 121 | window, COMMON | 77% |
| 00E82F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% |
| (name not extracted) | | | | | | 75% |
| (name not extracted) | | | | | | 86% |
| 00E83FEF | 10.6 | 7 | | 97 | process, synchronization, window, COMMON | 84% |
| 00E82BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% |
| 00E86F40 | 1.5 | 1 | | 4 | COMMON | 100% |
| 00E855A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% |
| 00E844B9 | 17.7 | 8 | 2 | 160 | memory, window, COMMON | 94% |
| 00E853A1 | 15.8 | 6 | 3 | 71 | file, COMMON | 95% |
| 00E8256D | 14.1 | 5 | 3 | 75 | registry, COMMON | 86% |
| 00E86A60 | 13.6 | 9 | | 138 | sleep, COMMON | 51% |
| 00E858C8 | 12.3 | 5 | 2 | 74 | memory, file, COMMON | 95% |
| 00E851E5 | 10.6 | 5 | 2 | 74 | memory, COMMON | 100% |
| 00E852B6 | 10.6 | 5 | 1 | 65 | file, COMMON | 74% |
| 00E81FE1 | 8.8 | 3 | 2 | 23 | registry, COMMON | 100% |
| (name not extracted) | | | | | | 94% |
| 00E84C37 | 4.5 | 3 | | 39 | time, COMMON | 100% |
| 00E8487A | 3.1 | 2 | | 59 | file, COMMON | 75% |
| 00E84AD0 | 3.0 | 2 | | 47 | file, COMMON | 93% |
| 00E8658A | 1.5 | 1 | | 45 | COMMON | 100% |
| 00E8621E | 1.5 | 1 | | 35 | COMMON | 93% |
| 00E84B60 | 1.5 | 1 | | 28 | COMMON | 100% |
| 00E866AE | 1.5 | 1 | | 11 | COMMON | 100% |
| 00E84CA0 | 1.3 | 1 | | 8 | memory, COMMON | 100% |
| 00E84CC0 | 1.3 | 1 | | 7 | COMMON | 100% |
| 00E85C9E | 24.9 | 10 | 4 | 422 | COMMON, Crypto | 92% |
| 00E81F90 | 14.1 | 7 | 1 | 94 | shutdown, COMMON | 60% |
| 00E817EE | 12.3 | 5 | 2 | 71 | library, memory, loader, COMMON | 57% |
| (name not extracted) | | | | | | 100% |
| (name not extracted) | | | | | | 100% |
| 00E83210 | 26.4 | 13 | 2 | 188 | window, COMMON | 76% |
| 00E82CAA | 26.4 | 10 | 5 | 183 | synchronization, COMMON | 93% |
| 00E834F0 | 24.6 | 13 | 1 | 119 | thread, window, COMMON | 81% |
| 00E84224 | 21.1 | 9 | 3 | 132 | library, loader, COMMON | 50% |
| 00E82773 | 17.6 | 9 | 1 | 114 | registry, COMMON | 94% |
| 00E82267 | 17.6 | 6 | 4 | 88 | registry, COMMON | 62% |
| 00E83100 | 17.6 | 9 | 1 | 70 | window, COMMON | 87% |
| (name not extracted) | | | | | | 91% |
| (name not extracted) | | | | | | 82% |
| 00E8681F | 12.3 | 5 | 2 | 81 | registry, COMMON | 94% |
| (name not extracted) | | | | | | 100% |
| 00E82AAC | 12.1 | 8 | | 118 | COMMON | 95% |
| 00E828E8 | 10.6 | 5 | 1 | 140 | memory, COMMON | 100% |
| 00E843D0 | 10.6 | 7 | | 97 | COMMON | 86% |
| (name not extracted) | | | | | | 53% |
| 00E83A3F | 10.6 | 5 | 2 | 73 | memory, string, COMMON | 100% |
| (name not extracted) | | | | | | 94% |
| 00E836EE | 9.0 | 3 | 2 | 243 | window, COMMON | 75% |
| (name not extracted) | | | | | | 78% |
| 00E86495 | 8.8 | 3 | 2 | 41 | library, COMMON | 83% |
| 00E84169 | 7.6 | 3 | 2 | 55 | memory, COMMON | 32% |
| 00E819E0 | 7.6 | 5 | | 51 | window, COMMON | 93% |
| (name not extracted) | | | | | | 88% |
| 00E847E0 | 6.1 | 3 | 1 | 64 | memory, COMMON | 100% |
| 00E83680 | 6.1 | 4 | | 51 | window, COMMON | 100% |
| 00E865E8 | 6.0 | 4 | | 46 | COMMON | 72% |
| 00E869B0 | 6.0 | 4 | | 25 | COMMON | 100% |
| (name not extracted) | | | | | | 100% |
Uniqueness Score for every function listed above: -1.00%
Execution Graph
| Execution Coverage: | 28.8% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 955 |
| Total number of Limit Nodes: | 25 |
| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
|---|---|---|---|---|---|---|
| 000C3BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% |
| 000C1AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% |
| 000C2F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% |
| (name not extracted) | | | | | | 86% |
| 000C2BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% |
| 000C6F40 | 1.5 | 1 | | 4 | COMMON | 100% |
| 000C202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% |
| 000C55A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% |
| (name not extracted) | | | | | | 96% |
| 000C4FE0 | 19.4 | 9 | 2 | 121 | window, COMMON | 77% |
| 000C44B9 | 17.7 | 8 | 2 | 160 | memory, window, COMMON | 94% |
| 000C53A1 | 15.8 | 6 | 3 | 71 | file, COMMON | 95% |
| (name not extracted) | | | | | | 75% |
Uniqueness Score for every function listed above: -1.00%
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
Control-flow Graph
| C-Code - Quality: 86% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C6A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
Control-flow Graph
| C-Code - Quality: 51% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
Control-flow Graph
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C3FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
Control-flow Graph
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
| C-Code - Quality: 74% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
| C-Code - Quality: 60% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
| C-Code - Quality: 76% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
| C-Code - Quality: 50% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
| C-Code - Quality: 62% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
| C-Code - Quality: 57% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
| C-Code - Quality: 95% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 53% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
| C-Code - Quality: 32% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
| C-Code - Quality: 77% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000C65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
| C-Code - Quality: 72% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
| Execution Coverage: | 28.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 960 |
| Total number of Limit Nodes: | 24 |
Callgraph
| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Control-flow graph |
|---|---|---|---|---|---|---|---|
| 001F3BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% | yes |
| 001F1AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% | yes |
| 001F2F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% | yes |
| (address not extracted) | | | | | | 86% | yes |
| 001F2BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% | |
| 001F6F40 | 1.5 | 1 | | 4 | COMMON | 100% | |
| 001F202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% | yes |
| 001F55A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% | yes |
| (address not extracted) | | | | | | 96% | yes |
| 001F4FE0 | 19.4 | 9 | 2 | 121 | window, COMMON | 77% | yes |
| 001F44B9 | 17.7 | 8 | 2 | 160 | memory, window, COMMON | 94% | yes |
| 001F53A1 | 15.8 | 6 | 3 | 71 | file, COMMON | 95% | yes |
| (address not extracted) | | | present | | | 75% | yes |
| 001F256D | 14.1 | 5 | 3 | 75 | registry, COMMON | 86% | yes |
| 001F6A60 | 13.6 | 9 | | 138 | sleep, COMMON | 51% | yes |
| 001F58C8 | 12.3 | 5 | 2 | 74 | memory, file, COMMON | 95% | yes |
| 001F3FEF | 10.6 | 7 | | 97 | process, synchronization, window, COMMON | 84% | yes |
| 001F51E5 | 10.6 | 5 | 2 | 74 | memory, COMMON | 100% | |
| 001F52B6 | 10.6 | 5 | 1 | 65 | file, COMMON | 74% | |
| 001F1FE1 | 8.8 | 3 | 2 | 23 | registry, COMMON | 100% | |
| (address not extracted) | | | present | | | 94% | |
| 001F4C37 | 4.5 | 3 | | 39 | time, COMMON | 100% | |
| 001F487A | 3.1 | 2 | | 59 | file, COMMON | 75% | |
| 001F4AD0 | 3.0 | 2 | | 47 | file, COMMON | 93% | |
| 001F658A | 1.5 | 1 | | 45 | COMMON | 100% | |
| 001F621E | 1.5 | 1 | | 35 | COMMON | 93% | |
| 001F4B60 | 1.5 | 1 | | 28 | COMMON | 100% | |
| 001F66AE | 1.5 | 1 | | 11 | COMMON | 100% | |
| 001F4CA0 | 1.3 | 1 | | 8 | memory, COMMON | 100% | |
| 001F4CC0 | 1.3 | 1 | | 7 | COMMON | 100% | |
| 001F5C9E | 24.9 | 10 | 4 | 422 | COMMON, Crypto | 92% | |
| 001F1F90 | 14.1 | 7 | 1 | 94 | shutdown, COMMON | 60% | |
| 001F6CF0 | 6.0 | 4 | | 13 | COMMON | 100% | |
| 001F3210 | 26.4 | 13 | 2 | 188 | window, COMMON | 76% | |
| 001F2CAA | 26.4 | 10 | 5 | 183 | synchronization, COMMON | 93% | |
| 001F34F0 | 24.6 | 13 | 1 | 119 | thread, window, COMMON | 81% | |
| 001F4224 | 21.1 | 9 | 3 | 132 | library, loader, COMMON | 50% | |
| 001F2773 | 17.6 | 9 | 1 | 114 | registry, COMMON | 94% | |
| 001F2267 | 17.6 | 6 | 4 | 88 | registry, COMMON | 62% | |
| 001F3100 | 17.6 | 9 | 1 | 70 | window, COMMON | 87% | |
| (address not extracted) | | | | | | 91% | |
| (address not extracted) | | | present | | | 82% | |
| 001F17EE | 12.3 | 5 | 2 | 71 | library, memory, loader, COMMON | 57% | |
| (address not extracted) | | | present | | | 100% | |
| 001F2AAC | 12.1 | 8 | | 118 | COMMON | 95% | |
| 001F43D0 | 10.6 | 7 | | 97 | COMMON | 86% | |
| (address not extracted) | | | present | | | 53% | |
| 001F681F | 10.6 | 5 | 1 | 81 | registry, COMMON | 94% | |
| 001F3A3F | 10.6 | 5 | 2 | 73 | memory, string, COMMON | 100% | |
| (address not extracted) | | | present | | | 94% | |
| 001F36EE | 9.0 | 3 | 2 | 243 | window, COMMON | 75% | |
| 001F6495 | 8.8 | 3 | 2 | 41 | library, COMMON | 83% | |
| 001F28E8 | 7.6 | 5 | | 140 | memory, COMMON | 100% | |
| 001F4169 | 7.6 | 3 | 2 | 55 | memory, COMMON | 32% | |
| (address not extracted) | | | | | | 100% | |
| 001F19E0 | 7.6 | 5 | | 51 | window, COMMON | 93% | |
| (address not extracted) | | | present | | | 88% | |
| 001F47E0 | 6.1 | 3 | 1 | 64 | memory, COMMON | 100% | |
| 001F6517 | 6.1 | 4 | | 51 | COMMON | 77% | |
| 001F3680 | 6.1 | 4 | | 51 | window, COMMON | 100% | |
| 001F65E8 | 6.0 | 4 | | 46 | COMMON | 72% | |
| 001F69B0 | 6.0 | 4 | | 25 | COMMON | 100% | |

Uniqueness Score: -1.00% for every function in this callgraph; the per-function APIs, Strings, Memory Dump Source, Similarity and Joe Sandbox IDA Plugin panels are empty in this copy of the report.
Callgraph
| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Control-flow graph |
|---|---|---|---|---|---|---|---|
| 00DE3BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% | yes |
| 00DE1AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% | yes |
| 00DE2F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% | yes |
| (address not extracted) | | | | | | 86% | yes |
| 00DE2BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% | |
| 00DE6F40 | 1.5 | 1 | | 4 | COMMON | 100% | |
| 00DE202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% | yes |
| 00DE55A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% | yes |
| (address not extracted) | | | | | | 96% | yes |
| 00DE4FE0 | 19.4 | 9 | 2 | 121 | window, COMMON | 77% | yes |
| 00DE53A1 | 15.8 | 6 | 3 | 71 | file, COMMON | 95% | yes |
| (address not extracted) | | | present | | | 75% | yes |
| 00DE256D | 14.1 | 5 | 3 | 75 | registry, COMMON | 86% | yes |
| 00DE6A60 | 13.6 | 9 | | 138 | sleep, COMMON | 51% | yes |
| 00DE58C8 | 12.3 | 5 | 2 | 74 | memory, file, COMMON | 95% | yes |
| 00DE3FEF | 10.6 | 7 | | 97 | process, synchronization, window, COMMON | 84% | yes |
| 00DE51E5 | 10.6 | 5 | 2 | 74 | memory, COMMON | 100% | yes |
| 00DE52B6 | 10.6 | 5 | 1 | 65 | file, COMMON | 74% | |
| 00DE1FE1 | 8.8 | 3 | 2 | 23 | registry, COMMON | 100% | |
| (address not extracted) | | | present | | | 94% | |
| 00DE4C37 | 4.5 | 3 | | 39 | time, COMMON | 100% | |
| 00DE487A | 3.1 | 2 | | 59 | file, COMMON | 75% | |
| 00DE4AD0 | 3.0 | 2 | | 47 | file, COMMON | 93% | |
| 00DE658A | 1.5 | 1 | | 45 | COMMON | 100% | |
| 00DE621E | 1.5 | 1 | | 35 | COMMON | 93% | |
| 00DE4B60 | 1.5 | 1 | | 28 | COMMON | 100% | |
| 00DE66AE | 1.5 | 1 | | 11 | COMMON | 100% | |

Uniqueness Score: -1.00% for every function in this callgraph; the per-function APIs, Strings, Memory Dump Source, Similarity and Joe Sandbox IDA Plugin panels are empty in this copy of the report.
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
| C-Code - Quality: 60% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
| C-Code - Quality: 76% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
| C-Code - Quality: 50% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
| C-Code - Quality: 62% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
| C-Code - Quality: 57% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
| C-Code - Quality: 95% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 53% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
| C-Code - Quality: 32% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
| C-Code - Quality: 77% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
| C-Code - Quality: 72% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00DE69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Callgraph
Functions (00400000 and 05170000 module regions). Each entry in the original report also carried collapsed Control-flow Graph, APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Yara matches and Similarity panels whose contents were not extracted; the Uniqueness Score is -1.00% for every entry. "-" means the field was not listed for that function.

| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
|---|---|---|---|---|---|---|
| 004019F0 | 146.0 | 34 | 49 | 747 | com, process, COMMON | 77% |
| 004018F0 | 6.3 | 5 | - | 77 | string, COMMON | 84% |
| 0040AF66 | 6.0 | 4 | - | 34 | COMMON | 63% |
| 05170040 | 1.6 | 1 | - | 96 | memory, COMMON | - |
| 05170300 | 1.6 | 1 | - | 73 | COMMON | - |
| 0040D534 | 1.5 | 1 | - | 20 | memory, COMMON | 100% |
| 0040EA0A | 1.5 | 1 | - | 10 | COMMON | 25% |
| 0040ADB0 | 2.5 | 2 | - | 23 | memory, COMMON | 100% |
| 00414738 | 8.8 | 4 | 1 | 31 | COMMON, LIBRARYCODE | 90% |
| 0040C73D | 7.6 | 5 | - | 64 | COMMON | 77% |
| 00413610 | 7.0 | 2 | 2 | 38 | library, loader, COMMON, LIBRARYCODE | 65% |
| 00405D00 | 6.1 | 4 | - | 137 | COMMON | 97% |
| 0040BAAA | 6.1 | 4 | - | 137 | COMMON | 91% |

Nine further entries in this group survived only as their C-Code quality values (100%, 85%, 86%, 83%, 85%, 89%, 86%, 100%, 100%); their function headers were not extracted.